Re: [Fink-users] Oh great!

Tue, 23 Jul 2002 19:55:36 -0700

Here's the info from nslookup:
Server: sun00bna.bna.bellsouth.net
Address: 205.152.150.254

*** sun00bna.bna.bellsouth.net can't find 218.0.77.169: Non-existent host/domain


No match in Whois for sun00bna.bna.bellsouth.net

later,
Brandon Potter

On Tuesday, July 23, 2002, at 09:58 PM, Erik Price wrote:

On Tuesday, July 23, 2002, at 10:24 PM, Philip Ershler wrote:

I assume this email has been spoofed so it looks like it comes from fink?

From: [EMAIL PROTECTED]
Subject: [Fink-users] Harvest lots of E-Mail addresses quickly

I can't even send the full headers because they seem to be made up of tiff images.

<headers>

Received:
from smtpin12.mac.com ([10.13.10.157]) by ms02.mac.com (Netscape Messaging Server 4.15 ms02 Mar 5 2002 15:11:07) with ESMTP id GZQDKI00.98L; Tue, 23 Jul 2002 19:00:18 -0700

Received:
from usw-sf-list2.sourceforge.net (usw-sf-fw2.sourceforge.net [216.136.171.252]) by smtpin12.mac.com (8.12.3/8.12.1/1.0) with ESMTP id g6O2079c020834; Tue, 23 Jul 2002 19:00:08 -0700 (PDT)

Received:
from usw-sf-list1-b.sourceforge.net ([10.3.1.13] helo=usw-sf-
list1.sourceforge.net) by usw-sf-list2.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian)) id 17XBRc-0008UW-00; Tue, 23 Jul 2002 19:00:04 -0700

Received:
from [218.0.77.169] (helo=localhost.com) by usw-sf-list1.sourceforge.net with smtp (Exim 3.31-VA-mm2 #1 (Debian)) id 17XBQu-00032z-00 for <[EMAIL PROTECTED]>; Tue, 23 Jul 2002 18:59:20 -0700

</headers>

My damn nslookup doesn't work when I'm at home... one thing I really liked about work. Anyway, if you trace the timestamps, it would appear that this message did in fact originate at 218.0.77.169 . And if you check that IP with your trusty browser, you'll find some further evidence....

If someone has a working nslookup and can determine the domain name of that IP address, do a "whois" to get the contact information for the owner of the domain name. Usually this information is spoofed or fake too, but if the spammer was stupid enough to put their own phone number or a real email address there, this could be useful for retaliation.

Of course, I'm not condoning anything whatsoever.... anyway, like I said, my nslookup isn't working.


Erik



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Fink-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/fink-users

Reply via email to